Re: [DNSOP] Fundamental ANAME problems

Joe Abley <> Mon, 05 November 2018 21:07 UTC

Hi Ray,

> On Nov 5, 2018, at 22:38, Ray Bellis <> wrote:
> There *is* a big failing of SRV that's independent of the CNAME apex use case, and that is its lack of support for wildcards.  Since my proposal doesn't use underscore prefix labels, wildcards will work, and this is an important requirement for some large website operators.

I realise it's 4am and I shouldn't even be awake, never mind replying
to dnsop mail, but it's not clear to me what the use-case is, here.

Specifically, is the wildcard owner name a real problem in the grand
scheme of things? I understand that wildcards are used by some people
for names that feature in HTTP URIs, but I'm struggling to imagine
using a wildcard at a zone cut; if a wildcard label doesn't correspond
to a zone apex, why is it a problem that needs fixing? Didn't Ed
already clarify the use of CNAME with wildcards in RFC 4592 twelve
years ago?

> The cost to the DNS community of *trying* my proposed HTTP record is pretty negligible.

To be clear, the rules are clear and you should feel as empowered as
anybody to apply for an early assignment of an RRTYPE and start
writing code. If I sounded like I was arguing against that I
definitely apologise!

However I think that a more coordinated approach that involves people
from both web and DNS communities to understand the problem space is
more sensible, though, and more likely to be productive for this
working group. It's not clear to me that either community has a great
track record just guessing at what the other one wants.